Splunk Search

How to search multiple dstIP traffic most efficiently

SimonM
New Member

It's a basic request, however it has been causing me grief:

Easiest / most efficient way to find Destination IP (dstip) for multiple IP list:

I regularly am supplied with a list of IPs (10-20) for confirmation

Need to stop using ;

OR ""  OR "" OR ""


I'd like to use a simple lookup for multiple dstIP if possible - copy and paste IP scenario


index=? if dstip =
1.2.3.4
2.3.4.5
3.4.5.6
4.5.6.7
| table hostname, hostip

Yes, I'm learning, but I super appreciate any help with this easy one > will save me hours


yuanliu
SplunkTrust

I am confused. Is this a simple exercise of the list operator IN in search? (Search: Comparison expression options)

index=? dstip IN (
1.2.3.4,
2.3.4.5,
3.4.5.6,
4.5.6.7)
| table hostname, hostip


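For the copy-and-paste scenario in the question, here is an added helper (example code, not from either poster) that turns a pasted, messily separated list of IPs into the quoted SPL IN(...) clause shown in the answer, and alternatively into CSV content for a Splunk lookup file. It validates each token with Python's ipaddress module so stray text does not end up in the search, and drops duplicates; the field name dstip and the sample list are taken from the thread.

```python
import ipaddress
import re

# Constructed sample: a pasted list of the kind described in the question,
# with mixed separators, a duplicate and a stray non-IP token.
PASTED_IPS = """1.2.3.4; 2.3.4.5
3.4.5.6,
4.5.6.7
1.2.3.4
not-an-ip
"""


def parse_ip_list(text):
    """Split pasted text on newlines, commas, semicolons and whitespace;
    keep only syntactically valid IPv4/IPv6 addresses, de-duplicated,
    preserving first-seen order. Returns (valid, rejected)."""
    valid, rejected, seen = [], [], set()
    for token in re.split(r"[\s,;]+", text):
        if not token:
            continue
        try:
            ip = str(ipaddress.ip_address(token))  # also normalises the form
        except ValueError:
            rejected.append(token)
            continue
        if ip not in seen:
            seen.add(ip)
            valid.append(ip)
    return valid, rejected


def build_in_clause(field, ips):
    """Render the quoted SPL IN (...) list for the given field."""
    quoted = ", ".join(f'"{ip}"' for ip in ips)
    return f"{field} IN ({quoted})"


def build_lookup_csv(field, ips):
    """Render CSV content for a Splunk lookup file keyed on `field`, so the
    same list can be uploaded once and used with `| lookup` instead of an
    inline IN clause (assumed workflow, not shown in the thread)."""
    return "\n".join([field] + ips) + "\n"


if __name__ == "__main__":
    ips, bad = parse_ip_list(PASTED_IPS)
    print(f'index=? {build_in_clause("dstip", ips)} | table hostname, hostip')
    print(build_lookup_csv("dstip", ips))
    if bad:
        print("rejected tokens:", bad)
```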